Tag: 0day

[webapps] FileBrowser 2.17.2 – Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE)

[webapps] Hospital Management System 4.0 – 'multiple' SQL Injection

[webapps] WordPress Plugin International Sms For Contact Form 7 Integration V1.2 – Cross Site Scripting (XSS)

[remote] Wing FTP Server 4.3.8 – Remote Code Execution (RCE) (Authenticated)

[webapps] WordPress Plugin Simple Job Board 2.9.3 – Local File Inclusion

[webapps] Servisnet Tessa – MQTT Credentials Dump (Unauthenticated) (Metasploit)

[webapps] WBCE CMS 1.5.2 – Remote Code Execution (RCE) (Authenticated)

[local] FLAME II MODEM USB – Unquoted Service Path

[webapps] WordPress Plugin IP2Location Country Blocker 2.26.7 – Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] Servisnet Tessa – Privilege Escalation (Metasploit)